[antispam-f] Fake future dates

  • From: Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: antispam@xxxxxxxxxxxxx
  • Date: Sun, 29 Oct 2006 02:57:57 +0100

Someone pointed out on comp.sys.acorn.misc that there's currently spam
coming in with false dates set in the future (presumably to make sure it
appears at the top of the receiver's inbox?)

I had a look at my collection of escapees, and sure enough, it's there -
sets of e-mails being sent out with the date set a month in advance.
(Also some with dates from years in the past, either because they
originate from an elderly virus or because they're aimed at people who
sort their inboxes the other way up! ;-)

So I decided to write another UserTest to catch them:
  Delete Date: @ forward_dates

The test is configurable by editing the value of the local
variable excess% - currently set to a generous three days to allow for
badly set clocks and possible odd date zones, but that's more than
enough to catch all the spam I've received, which is set much further in
advance.  It doesn't attempt to cope with leap years (another reason
for allowing a reasonably generous margin!) but does handle the
December/January wraparound.

You could probably extend the test to check for date headers claiming to
be more than a year old, but I haven't got so many of those, so I
haven't bothered to do so.



DEF FN@forward_dates
LOCAL d%,m%,y%,yearday%,excess%,thisyear%

excess%=3
REM number of days into future we will accept e-mail from(!)

date$= MID$(d$,6,11)
REM dd mmm yyyy
mon$=MID$(date$,4,3)

d%=VAL(date$)
m%=INSTR("jan,feb,mar,apr,may,jun,jul,aug,sep,oct,nov,dec,",mon$+",")
m%=m%/4+1
REM get month number
y%=VAL(RIGHT$(date$,4))

?user_dateblock1%=3
SYS "OS_Word",14,user_dateblock1%:REM get current date/time
SYS"Territory_ConvertTimeToOrdinals",-1,user_dateblock1%,user_dateblock2%

yearday%=user_dateblock2%!32:REM number of day in year
thisyear%=user_dateblock2%!24:REM number of year

yearday%=(yearday%+excess%)
IF yearday%>365 THEN yearday%=yearday% MOD 365: thisyear%+=1


IF y%<thisyear% THEN=FALSE
REM this is a fairly safe conclusion...


user_dateblock2%!16=d%
user_dateblock2%!20=m%
user_dateblock2%!24=y%
REM poke in values from Date: header (ignore time values)
SYS"Territory_ConvertOrdinalsToTime",-1,user_dateblock1%,user_dateblock2%
SYS"Territory_ConvertTimeToOrdinals",-1,user_dateblock1%,user_dateblock2%
REM convert backwards and forwards to get new yearday value calculated for us


IF (user_dateblock2%!32)<yearday% AND y%=thisyear% THEN=FALSE
REM safely within range

=TRUE
REM Otherwise, we've been passed a fake future date!


-- 
Harriet Bazley                     ==  Loyaulte me lie ==

People who live in stone houses shouldn't throw glasses.
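
The same test as a stand-alone Python sketch, added here as an example and not part of the original post or of AntiSpam: it compares full timestamps, so leap years, time zones and the December/January wraparound need no special handling. The names classify_date, EXCESS and MAX_AGE are made up for the example, and the one-year MAX_AGE cutoff is an assumption based on the extension suggested in the post.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

EXCESS = timedelta(days=3)      # same tolerance as excess%=3 in the post
MAX_AGE = timedelta(days=365)   # assumption: cutoff for "more than a year old"


def classify_date(raw_message, now):
    """Return 'ok', 'future', 'stale' or 'invalid' for the Date: header.

    raw_message is the message text; now is a timezone-aware datetime.
    """
    value = message_from_string(raw_message).get("Date")
    if value is None:
        return "invalid"            # no Date: header at all
    try:
        sent = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return "invalid"            # unparseable date string
    if sent.tzinfo is None:
        # "-0000" or no zone given: treat the timestamp as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    if sent - now > EXCESS:
        return "future"             # dated further ahead than the tolerance
    if now - sent > MAX_AGE:
        return "stale"              # dated more than a year in the past
    return "ok"


if __name__ == "__main__":
    # Constructed sample headers, not real spam.
    template = "From: a@example.com\nDate: %s\nSubject: test\n\nbody\n"
    now = datetime(2006, 12, 30, 12, 0, tzinfo=timezone.utc)
    for date in ("Mon, 01 Jan 2007 12:00:00 +0000",   # 2 days ahead
                 "Fri, 05 Jan 2007 12:00:00 +0000",   # 6 days ahead
                 "Mon, 01 Jan 2001 00:00:00 +0000",   # years old
                 "not a date"):
        print(date, "->", classify_date(template % date, now))
```
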
